Xst3nZ

5 exploits Active since Apr 2007
CVE-2007-2000 EXPLOITDB text WRITEUP
Raphael Limbach Crea-book < 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter.
CVE-2007-1895 EXPLOITDB text WRITEUP
Sky GUNNING MySpeach <3.0.7 - RCE
PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630.
EIP-2026-117700 EXPLOITDB c WORKING POC
Norman Security Suite 8 - 'nprosec.sys' Local Privilege Escalation
CVE-2007-1896 EXPLOITDB text WRITEUP
SKY Gunning Myspeach - Path Traversal
Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie.
CVE-2007-2001 EXPLOITDB text WRITEUP
Crea-Book <1.0 - Code Injection
Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.